FAC Explorer

Audit 314823

FY End
2023-12-31
Total Expended
$2.07M
Findings
10
Programs
2
Organization: U4i (CA)
Year: 2023 Accepted: 2024-07-10
Auditor: Nicholson & Olson CPAS

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
478117 2023-001 Significant Deficiency - I
478118 2023-001 Significant Deficiency - I
478119 2023-001 Significant Deficiency - I
478120 2023-001 Significant Deficiency - I
478121 2023-001 Significant Deficiency - I
1054559 2023-001 Significant Deficiency - I
1054560 2023-001 Significant Deficiency - I
1054561 2023-001 Significant Deficiency - I
1054562 2023-001 Significant Deficiency - I
1054563 2023-001 Significant Deficiency - I

Programs

ALN Program Spent Major Findings
19.221 Iran Assistance Program $701,731 Yes 1
19.345 International Programs to Support Democracy, Human Rights and Labor $150,445 Yes 1

Contacts

Name Title Type
KZGLM9SF1WE3 Kevin Schumacher Auditee
3017412313 Steven Nicholson Auditor
No contacts on file

Notes to SEFA

Title: Note 1 - Basis of Presentation Accounting Policies: The accompanying schedule of Expenditures of Federal Awards include the federal grant activity of the Organization and is presented in accordance with accounting principles generally accepted in the United States of America. Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. The information in the schedule is presented with the requirements of the OMB Uniform Guidance. Therefore, some amounts presented in this schedule may differ from amounts presented in, or used in the preparation of, the financial statements. De Minimis Rate Used: Y Rate Explanation: The organization elected to use the 10% de minimis indirect cost rate as covered in 2 CFR 200.414. Uniform Guidance, 200.510(6), requires the Organization to disclose whether or not it elected to use the 10% de minimis cost rate that 200.414(f) allows for nonfederal entities that have never received a negotiated cost rate. The accompanying schedule of expenditures of federal awards includes the federal award activity of U4I, under programs of the federal government for the year ended December 31, 2023, in accordance with the requirements of Title 2 U. S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Because the Schedule presents only a selected portion of the operations of the Organization, it is not intended to and does not present the financial position, changes in net assets, or cash flows of U4I.
Title: Note 2 - Summary of Significant Accounting Policies Accounting Policies: The accompanying schedule of Expenditures of Federal Awards include the federal grant activity of the Organization and is presented in accordance with accounting principles generally accepted in the United States of America. Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. The information in the schedule is presented with the requirements of the OMB Uniform Guidance. Therefore, some amounts presented in this schedule may differ from amounts presented in, or used in the preparation of, the financial statements. De Minimis Rate Used: Y Rate Explanation: The organization elected to use the 10% de minimis indirect cost rate as covered in 2 CFR 200.414. Uniform Guidance, 200.510(6), requires the Organization to disclose whether or not it elected to use the 10% de minimis cost rate that 200.414(f) allows for nonfederal entities that have never received a negotiated cost rate. The accompanying schedule of Expenditures of Federal Awards include the federal grant activity of the Organization and is presented in accordance with accounting principles generally accepted in the United States of America. Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. The information in the schedule is presented with the requirements of the OMB Uniform Guidance. Therefore, some amounts presented in this schedule may differ from amounts presented in, or used in the preparation of, the financial statements.
Title: Note 3 - De Minimis Accounting Policies: The accompanying schedule of Expenditures of Federal Awards include the federal grant activity of the Organization and is presented in accordance with accounting principles generally accepted in the United States of America. Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. The information in the schedule is presented with the requirements of the OMB Uniform Guidance. Therefore, some amounts presented in this schedule may differ from amounts presented in, or used in the preparation of, the financial statements. De Minimis Rate Used: Y Rate Explanation: The organization elected to use the 10% de minimis indirect cost rate as covered in 2 CFR 200.414. Uniform Guidance, 200.510(6), requires the Organization to disclose whether or not it elected to use the 10% de minimis cost rate that 200.414(f) allows for nonfederal entities that have never received a negotiated cost rate. The organization elected to use the 10% de minimis indirect cost rate as covered in 2 CFR 200.414. Uniform Guidance, 200.510(6), requires the Organization to disclose whether or not it elected to use the 10% de minimis cost rate that 200.414(f) allows for nonfederal entities that have never received a negotiated cost rate.

Finding Details

Finding 2023-001
CURRENT YEAR FINDINGS 2023-001 Significant deficiency – Procurement of Subcontractors, Significant Deficiency in Internal Controls over Compliance, and Instances of Noncompliance. Criteria: The organization is required by the terms and conditions of the grant agreement with the Department of State, that prior to signing a sub award, including a consultant or contractor agreement, the recipient must submit vetting information to the Office of Risk Analysis Management (RAM) and receive written notification of that sub-recipient’s, consultant, or contractors’ eligibility. Condition and Context: Per review of the Organization’s subcontractor and consulting agreements, we were not provided sufficient evidence that the organization completed the vetting process for 2 of the 7 tested. Effect: Federal funds could be expended to contractors that may not use the funds appropriately. In addition, the Organization could unknowingly fund an enemy of the Untied States. Cause: Contracts were signed, and funds were expended to subcontractors without the proper vetting being completed. Recommendation: We recommend not entering into any agreements or releasing funds paid for by federal grants before the completion of the vetting process, as described by the grant agreement. Managements response: Beginning in early 2023, the Organization implemented a new vetting monitoring system and procedure. All contractors and employees submitted for hire by the Program Managers, or the Executive Director, are referred via a Job Proposal automated task document approval to the Managing Director. The Managing Director is the agreed-upon point of contact with the federal agency to determine if the proposed new hire needs to be vetted based on the criteria set by the federal agency. If the Managing Director deems necessary that the hire needs to be vetted, a vetting task and confirmation of receipt are sent by the system to the Operations Associate. The Operations Associate oversees maintaining the RAM system and submitting new vetting requests. Once the vetting has been approved or declined, the Operations Associate enters the information into U4I’s relational database, and only at this point can the hiring process move forward, provided RAM approves the vetting. The new system has automated alarm notifications and emails monthly reports based on the “date of last vetting,” calculating the “date of new vetting” automatically for a list of over 85 employees and contractors. Case 1 - In the case of the first vetting issue, there was a staff transition in the Managing Director’s position and the vetting process was not carried out as described above. There was a gap in filling the responsibility attached to this role. Remedy - We have introduced a backup Vetting POC in our vetting process moving forward to prevent this type of occurrence during transitions. If the Managing Director is unavailable, and a confirmation of the vetting task is not received, the Co-Director acting as interim Vetting POC will be asked to assume the role and evaluate the hires and vetting. Case 2 - In the case of the second vetting issue, we could not find any records of evidence in RAM that vetting ever happened, which is an oversight of internal controls. It is possible that the close relationship of many years between the U4I leadership and this company led to overconfidence and a loosening of normal internal controls. It is also possible that since the contractor is a SAM-registered Canadian company also operating in the USA and receiving federal wards, the management considered the vetting procedure unnecessary. We could not consult the individual that was in that vetting POC role at the time as she is no longer working with U4I. Remedy - The FIN/OPS team overseeing the new vetting procedure and added control steps, will make sure that all vendors, contractors and employees, without exclusions and regardless of any subjective levels of mutual trust and regardless the length of existing relationships, are run through the Job Proposal and Vetting Procedure and that the contractual process will be stopped unless there is a RAM record to consider the hire.
Finding 2023-001
CURRENT YEAR FINDINGS 2023-001 Significant deficiency – Procurement of Subcontractors, Significant Deficiency in Internal Controls over Compliance, and Instances of Noncompliance. Criteria: The organization is required by the terms and conditions of the grant agreement with the Department of State, that prior to signing a sub award, including a consultant or contractor agreement, the recipient must submit vetting information to the Office of Risk Analysis Management (RAM) and receive written notification of that sub-recipient’s, consultant, or contractors’ eligibility. Condition and Context: Per review of the Organization’s subcontractor and consulting agreements, we were not provided sufficient evidence that the organization completed the vetting process for 2 of the 7 tested. Effect: Federal funds could be expended to contractors that may not use the funds appropriately. In addition, the Organization could unknowingly fund an enemy of the Untied States. Cause: Contracts were signed, and funds were expended to subcontractors without the proper vetting being completed. Recommendation: We recommend not entering into any agreements or releasing funds paid for by federal grants before the completion of the vetting process, as described by the grant agreement. Managements response: Beginning in early 2023, the Organization implemented a new vetting monitoring system and procedure. All contractors and employees submitted for hire by the Program Managers, or the Executive Director, are referred via a Job Proposal automated task document approval to the Managing Director. The Managing Director is the agreed-upon point of contact with the federal agency to determine if the proposed new hire needs to be vetted based on the criteria set by the federal agency. If the Managing Director deems necessary that the hire needs to be vetted, a vetting task and confirmation of receipt are sent by the system to the Operations Associate. The Operations Associate oversees maintaining the RAM system and submitting new vetting requests. Once the vetting has been approved or declined, the Operations Associate enters the information into U4I’s relational database, and only at this point can the hiring process move forward, provided RAM approves the vetting. The new system has automated alarm notifications and emails monthly reports based on the “date of last vetting,” calculating the “date of new vetting” automatically for a list of over 85 employees and contractors. Case 1 - In the case of the first vetting issue, there was a staff transition in the Managing Director’s position and the vetting process was not carried out as described above. There was a gap in filling the responsibility attached to this role. Remedy - We have introduced a backup Vetting POC in our vetting process moving forward to prevent this type of occurrence during transitions. If the Managing Director is unavailable, and a confirmation of the vetting task is not received, the Co-Director acting as interim Vetting POC will be asked to assume the role and evaluate the hires and vetting. Case 2 - In the case of the second vetting issue, we could not find any records of evidence in RAM that vetting ever happened, which is an oversight of internal controls. It is possible that the close relationship of many years between the U4I leadership and this company led to overconfidence and a loosening of normal internal controls. It is also possible that since the contractor is a SAM-registered Canadian company also operating in the USA and receiving federal wards, the management considered the vetting procedure unnecessary. We could not consult the individual that was in that vetting POC role at the time as she is no longer working with U4I. Remedy - The FIN/OPS team overseeing the new vetting procedure and added control steps, will make sure that all vendors, contractors and employees, without exclusions and regardless of any subjective levels of mutual trust and regardless the length of existing relationships, are run through the Job Proposal and Vetting Procedure and that the contractual process will be stopped unless there is a RAM record to consider the hire.
Finding 2023-001
CURRENT YEAR FINDINGS 2023-001 Significant deficiency – Procurement of Subcontractors, Significant Deficiency in Internal Controls over Compliance, and Instances of Noncompliance. Criteria: The organization is required by the terms and conditions of the grant agreement with the Department of State, that prior to signing a sub award, including a consultant or contractor agreement, the recipient must submit vetting information to the Office of Risk Analysis Management (RAM) and receive written notification of that sub-recipient’s, consultant, or contractors’ eligibility. Condition and Context: Per review of the Organization’s subcontractor and consulting agreements, we were not provided sufficient evidence that the organization completed the vetting process for 2 of the 7 tested. Effect: Federal funds could be expended to contractors that may not use the funds appropriately. In addition, the Organization could unknowingly fund an enemy of the Untied States. Cause: Contracts were signed, and funds were expended to subcontractors without the proper vetting being completed. Recommendation: We recommend not entering into any agreements or releasing funds paid for by federal grants before the completion of the vetting process, as described by the grant agreement. Managements response: Beginning in early 2023, the Organization implemented a new vetting monitoring system and procedure. All contractors and employees submitted for hire by the Program Managers, or the Executive Director, are referred via a Job Proposal automated task document approval to the Managing Director. The Managing Director is the agreed-upon point of contact with the federal agency to determine if the proposed new hire needs to be vetted based on the criteria set by the federal agency. If the Managing Director deems necessary that the hire needs to be vetted, a vetting task and confirmation of receipt are sent by the system to the Operations Associate. The Operations Associate oversees maintaining the RAM system and submitting new vetting requests. Once the vetting has been approved or declined, the Operations Associate enters the information into U4I’s relational database, and only at this point can the hiring process move forward, provided RAM approves the vetting. The new system has automated alarm notifications and emails monthly reports based on the “date of last vetting,” calculating the “date of new vetting” automatically for a list of over 85 employees and contractors. Case 1 - In the case of the first vetting issue, there was a staff transition in the Managing Director’s position and the vetting process was not carried out as described above. There was a gap in filling the responsibility attached to this role. Remedy - We have introduced a backup Vetting POC in our vetting process moving forward to prevent this type of occurrence during transitions. If the Managing Director is unavailable, and a confirmation of the vetting task is not received, the Co-Director acting as interim Vetting POC will be asked to assume the role and evaluate the hires and vetting. Case 2 - In the case of the second vetting issue, we could not find any records of evidence in RAM that vetting ever happened, which is an oversight of internal controls. It is possible that the close relationship of many years between the U4I leadership and this company led to overconfidence and a loosening of normal internal controls. It is also possible that since the contractor is a SAM-registered Canadian company also operating in the USA and receiving federal wards, the management considered the vetting procedure unnecessary. We could not consult the individual that was in that vetting POC role at the time as she is no longer working with U4I. Remedy - The FIN/OPS team overseeing the new vetting procedure and added control steps, will make sure that all vendors, contractors and employees, without exclusions and regardless of any subjective levels of mutual trust and regardless the length of existing relationships, are run through the Job Proposal and Vetting Procedure and that the contractual process will be stopped unless there is a RAM record to consider the hire.
Finding 2023-001
CURRENT YEAR FINDINGS 2023-001 Significant deficiency – Procurement of Subcontractors, Significant Deficiency in Internal Controls over Compliance, and Instances of Noncompliance. Criteria: The organization is required by the terms and conditions of the grant agreement with the Department of State, that prior to signing a sub award, including a consultant or contractor agreement, the recipient must submit vetting information to the Office of Risk Analysis Management (RAM) and receive written notification of that sub-recipient’s, consultant, or contractors’ eligibility. Condition and Context: Per review of the Organization’s subcontractor and consulting agreements, we were not provided sufficient evidence that the organization completed the vetting process for 2 of the 7 tested. Effect: Federal funds could be expended to contractors that may not use the funds appropriately. In addition, the Organization could unknowingly fund an enemy of the Untied States. Cause: Contracts were signed, and funds were expended to subcontractors without the proper vetting being completed. Recommendation: We recommend not entering into any agreements or releasing funds paid for by federal grants before the completion of the vetting process, as described by the grant agreement. Managements response: Beginning in early 2023, the Organization implemented a new vetting monitoring system and procedure. All contractors and employees submitted for hire by the Program Managers, or the Executive Director, are referred via a Job Proposal automated task document approval to the Managing Director. The Managing Director is the agreed-upon point of contact with the federal agency to determine if the proposed new hire needs to be vetted based on the criteria set by the federal agency. If the Managing Director deems necessary that the hire needs to be vetted, a vetting task and confirmation of receipt are sent by the system to the Operations Associate. The Operations Associate oversees maintaining the RAM system and submitting new vetting requests. Once the vetting has been approved or declined, the Operations Associate enters the information into U4I’s relational database, and only at this point can the hiring process move forward, provided RAM approves the vetting. The new system has automated alarm notifications and emails monthly reports based on the “date of last vetting,” calculating the “date of new vetting” automatically for a list of over 85 employees and contractors. Case 1 - In the case of the first vetting issue, there was a staff transition in the Managing Director’s position and the vetting process was not carried out as described above. There was a gap in filling the responsibility attached to this role. Remedy - We have introduced a backup Vetting POC in our vetting process moving forward to prevent this type of occurrence during transitions. If the Managing Director is unavailable, and a confirmation of the vetting task is not received, the Co-Director acting as interim Vetting POC will be asked to assume the role and evaluate the hires and vetting. Case 2 - In the case of the second vetting issue, we could not find any records of evidence in RAM that vetting ever happened, which is an oversight of internal controls. It is possible that the close relationship of many years between the U4I leadership and this company led to overconfidence and a loosening of normal internal controls. It is also possible that since the contractor is a SAM-registered Canadian company also operating in the USA and receiving federal wards, the management considered the vetting procedure unnecessary. We could not consult the individual that was in that vetting POC role at the time as she is no longer working with U4I. Remedy - The FIN/OPS team overseeing the new vetting procedure and added control steps, will make sure that all vendors, contractors and employees, without exclusions and regardless of any subjective levels of mutual trust and regardless the length of existing relationships, are run through the Job Proposal and Vetting Procedure and that the contractual process will be stopped unless there is a RAM record to consider the hire.
Finding 2023-001
CURRENT YEAR FINDINGS 2023-001 Significant deficiency – Procurement of Subcontractors, Significant Deficiency in Internal Controls over Compliance, and Instances of Noncompliance. Criteria: The organization is required by the terms and conditions of the grant agreement with the Department of State, that prior to signing a sub award, including a consultant or contractor agreement, the recipient must submit vetting information to the Office of Risk Analysis Management (RAM) and receive written notification of that sub-recipient’s, consultant, or contractors’ eligibility. Condition and Context: Per review of the Organization’s subcontractor and consulting agreements, we were not provided sufficient evidence that the organization completed the vetting process for 2 of the 7 tested. Effect: Federal funds could be expended to contractors that may not use the funds appropriately. In addition, the Organization could unknowingly fund an enemy of the Untied States. Cause: Contracts were signed, and funds were expended to subcontractors without the proper vetting being completed. Recommendation: We recommend not entering into any agreements or releasing funds paid for by federal grants before the completion of the vetting process, as described by the grant agreement. Managements response: Beginning in early 2023, the Organization implemented a new vetting monitoring system and procedure. All contractors and employees submitted for hire by the Program Managers, or the Executive Director, are referred via a Job Proposal automated task document approval to the Managing Director. The Managing Director is the agreed-upon point of contact with the federal agency to determine if the proposed new hire needs to be vetted based on the criteria set by the federal agency. If the Managing Director deems necessary that the hire needs to be vetted, a vetting task and confirmation of receipt are sent by the system to the Operations Associate. The Operations Associate oversees maintaining the RAM system and submitting new vetting requests. Once the vetting has been approved or declined, the Operations Associate enters the information into U4I’s relational database, and only at this point can the hiring process move forward, provided RAM approves the vetting. The new system has automated alarm notifications and emails monthly reports based on the “date of last vetting,” calculating the “date of new vetting” automatically for a list of over 85 employees and contractors. Case 1 - In the case of the first vetting issue, there was a staff transition in the Managing Director’s position and the vetting process was not carried out as described above. There was a gap in filling the responsibility attached to this role. Remedy - We have introduced a backup Vetting POC in our vetting process moving forward to prevent this type of occurrence during transitions. If the Managing Director is unavailable, and a confirmation of the vetting task is not received, the Co-Director acting as interim Vetting POC will be asked to assume the role and evaluate the hires and vetting. Case 2 - In the case of the second vetting issue, we could not find any records of evidence in RAM that vetting ever happened, which is an oversight of internal controls. It is possible that the close relationship of many years between the U4I leadership and this company led to overconfidence and a loosening of normal internal controls. It is also possible that since the contractor is a SAM-registered Canadian company also operating in the USA and receiving federal wards, the management considered the vetting procedure unnecessary. We could not consult the individual that was in that vetting POC role at the time as she is no longer working with U4I. Remedy - The FIN/OPS team overseeing the new vetting procedure and added control steps, will make sure that all vendors, contractors and employees, without exclusions and regardless of any subjective levels of mutual trust and regardless the length of existing relationships, are run through the Job Proposal and Vetting Procedure and that the contractual process will be stopped unless there is a RAM record to consider the hire.
Finding 2023-001
CURRENT YEAR FINDINGS 2023-001 Significant deficiency – Procurement of Subcontractors, Significant Deficiency in Internal Controls over Compliance, and Instances of Noncompliance. Criteria: The organization is required by the terms and conditions of the grant agreement with the Department of State, that prior to signing a sub award, including a consultant or contractor agreement, the recipient must submit vetting information to the Office of Risk Analysis Management (RAM) and receive written notification of that sub-recipient’s, consultant, or contractors’ eligibility. Condition and Context: Per review of the Organization’s subcontractor and consulting agreements, we were not provided sufficient evidence that the organization completed the vetting process for 2 of the 7 tested. Effect: Federal funds could be expended to contractors that may not use the funds appropriately. In addition, the Organization could unknowingly fund an enemy of the Untied States. Cause: Contracts were signed, and funds were expended to subcontractors without the proper vetting being completed. Recommendation: We recommend not entering into any agreements or releasing funds paid for by federal grants before the completion of the vetting process, as described by the grant agreement. Managements response: Beginning in early 2023, the Organization implemented a new vetting monitoring system and procedure. All contractors and employees submitted for hire by the Program Managers, or the Executive Director, are referred via a Job Proposal automated task document approval to the Managing Director. The Managing Director is the agreed-upon point of contact with the federal agency to determine if the proposed new hire needs to be vetted based on the criteria set by the federal agency. If the Managing Director deems necessary that the hire needs to be vetted, a vetting task and confirmation of receipt are sent by the system to the Operations Associate. The Operations Associate oversees maintaining the RAM system and submitting new vetting requests. Once the vetting has been approved or declined, the Operations Associate enters the information into U4I’s relational database, and only at this point can the hiring process move forward, provided RAM approves the vetting. The new system has automated alarm notifications and emails monthly reports based on the “date of last vetting,” calculating the “date of new vetting” automatically for a list of over 85 employees and contractors. Case 1 - In the case of the first vetting issue, there was a staff transition in the Managing Director’s position and the vetting process was not carried out as described above. There was a gap in filling the responsibility attached to this role. Remedy - We have introduced a backup Vetting POC in our vetting process moving forward to prevent this type of occurrence during transitions. If the Managing Director is unavailable, and a confirmation of the vetting task is not received, the Co-Director acting as interim Vetting POC will be asked to assume the role and evaluate the hires and vetting. Case 2 - In the case of the second vetting issue, we could not find any records of evidence in RAM that vetting ever happened, which is an oversight of internal controls. It is possible that the close relationship of many years between the U4I leadership and this company led to overconfidence and a loosening of normal internal controls. It is also possible that since the contractor is a SAM-registered Canadian company also operating in the USA and receiving federal wards, the management considered the vetting procedure unnecessary. We could not consult the individual that was in that vetting POC role at the time as she is no longer working with U4I. Remedy - The FIN/OPS team overseeing the new vetting procedure and added control steps, will make sure that all vendors, contractors and employees, without exclusions and regardless of any subjective levels of mutual trust and regardless the length of existing relationships, are run through the Job Proposal and Vetting Procedure and that the contractual process will be stopped unless there is a RAM record to consider the hire.
Finding 2023-001
CURRENT YEAR FINDINGS 2023-001 Significant deficiency – Procurement of Subcontractors, Significant Deficiency in Internal Controls over Compliance, and Instances of Noncompliance. Criteria: The organization is required by the terms and conditions of the grant agreement with the Department of State, that prior to signing a sub award, including a consultant or contractor agreement, the recipient must submit vetting information to the Office of Risk Analysis Management (RAM) and receive written notification of that sub-recipient’s, consultant, or contractors’ eligibility. Condition and Context: Per review of the Organization’s subcontractor and consulting agreements, we were not provided sufficient evidence that the organization completed the vetting process for 2 of the 7 tested. Effect: Federal funds could be expended to contractors that may not use the funds appropriately. In addition, the Organization could unknowingly fund an enemy of the Untied States. Cause: Contracts were signed, and funds were expended to subcontractors without the proper vetting being completed. Recommendation: We recommend not entering into any agreements or releasing funds paid for by federal grants before the completion of the vetting process, as described by the grant agreement. Managements response: Beginning in early 2023, the Organization implemented a new vetting monitoring system and procedure. All contractors and employees submitted for hire by the Program Managers, or the Executive Director, are referred via a Job Proposal automated task document approval to the Managing Director. The Managing Director is the agreed-upon point of contact with the federal agency to determine if the proposed new hire needs to be vetted based on the criteria set by the federal agency. If the Managing Director deems necessary that the hire needs to be vetted, a vetting task and confirmation of receipt are sent by the system to the Operations Associate. The Operations Associate oversees maintaining the RAM system and submitting new vetting requests. Once the vetting has been approved or declined, the Operations Associate enters the information into U4I’s relational database, and only at this point can the hiring process move forward, provided RAM approves the vetting. The new system has automated alarm notifications and emails monthly reports based on the “date of last vetting,” calculating the “date of new vetting” automatically for a list of over 85 employees and contractors. Case 1 - In the case of the first vetting issue, there was a staff transition in the Managing Director’s position and the vetting process was not carried out as described above. There was a gap in filling the responsibility attached to this role. Remedy - We have introduced a backup Vetting POC in our vetting process moving forward to prevent this type of occurrence during transitions. If the Managing Director is unavailable, and a confirmation of the vetting task is not received, the Co-Director acting as interim Vetting POC will be asked to assume the role and evaluate the hires and vetting. Case 2 - In the case of the second vetting issue, we could not find any records of evidence in RAM that vetting ever happened, which is an oversight of internal controls. It is possible that the close relationship of many years between the U4I leadership and this company led to overconfidence and a loosening of normal internal controls. It is also possible that since the contractor is a SAM-registered Canadian company also operating in the USA and receiving federal wards, the management considered the vetting procedure unnecessary. We could not consult the individual that was in that vetting POC role at the time as she is no longer working with U4I. Remedy - The FIN/OPS team overseeing the new vetting procedure and added control steps, will make sure that all vendors, contractors and employees, without exclusions and regardless of any subjective levels of mutual trust and regardless the length of existing relationships, are run through the Job Proposal and Vetting Procedure and that the contractual process will be stopped unless there is a RAM record to consider the hire.
Finding 2023-001
CURRENT YEAR FINDINGS 2023-001 Significant deficiency – Procurement of Subcontractors, Significant Deficiency in Internal Controls over Compliance, and Instances of Noncompliance. Criteria: The organization is required by the terms and conditions of the grant agreement with the Department of State, that prior to signing a sub award, including a consultant or contractor agreement, the recipient must submit vetting information to the Office of Risk Analysis Management (RAM) and receive written notification of that sub-recipient’s, consultant, or contractors’ eligibility. Condition and Context: Per review of the Organization’s subcontractor and consulting agreements, we were not provided sufficient evidence that the organization completed the vetting process for 2 of the 7 tested. Effect: Federal funds could be expended to contractors that may not use the funds appropriately. In addition, the Organization could unknowingly fund an enemy of the Untied States. Cause: Contracts were signed, and funds were expended to subcontractors without the proper vetting being completed. Recommendation: We recommend not entering into any agreements or releasing funds paid for by federal grants before the completion of the vetting process, as described by the grant agreement. Managements response: Beginning in early 2023, the Organization implemented a new vetting monitoring system and procedure. All contractors and employees submitted for hire by the Program Managers, or the Executive Director, are referred via a Job Proposal automated task document approval to the Managing Director. The Managing Director is the agreed-upon point of contact with the federal agency to determine if the proposed new hire needs to be vetted based on the criteria set by the federal agency. If the Managing Director deems necessary that the hire needs to be vetted, a vetting task and confirmation of receipt are sent by the system to the Operations Associate. The Operations Associate oversees maintaining the RAM system and submitting new vetting requests. Once the vetting has been approved or declined, the Operations Associate enters the information into U4I’s relational database, and only at this point can the hiring process move forward, provided RAM approves the vetting. The new system has automated alarm notifications and emails monthly reports based on the “date of last vetting,” calculating the “date of new vetting” automatically for a list of over 85 employees and contractors. Case 1 - In the case of the first vetting issue, there was a staff transition in the Managing Director’s position and the vetting process was not carried out as described above. There was a gap in filling the responsibility attached to this role. Remedy - We have introduced a backup Vetting POC in our vetting process moving forward to prevent this type of occurrence during transitions. If the Managing Director is unavailable, and a confirmation of the vetting task is not received, the Co-Director acting as interim Vetting POC will be asked to assume the role and evaluate the hires and vetting. Case 2 - In the case of the second vetting issue, we could not find any records of evidence in RAM that vetting ever happened, which is an oversight of internal controls. It is possible that the close relationship of many years between the U4I leadership and this company led to overconfidence and a loosening of normal internal controls. It is also possible that since the contractor is a SAM-registered Canadian company also operating in the USA and receiving federal wards, the management considered the vetting procedure unnecessary. We could not consult the individual that was in that vetting POC role at the time as she is no longer working with U4I. Remedy - The FIN/OPS team overseeing the new vetting procedure and added control steps, will make sure that all vendors, contractors and employees, without exclusions and regardless of any subjective levels of mutual trust and regardless the length of existing relationships, are run through the Job Proposal and Vetting Procedure and that the contractual process will be stopped unless there is a RAM record to consider the hire.
Finding 2023-001
CURRENT YEAR FINDINGS 2023-001 Significant deficiency – Procurement of Subcontractors, Significant Deficiency in Internal Controls over Compliance, and Instances of Noncompliance. Criteria: The organization is required by the terms and conditions of the grant agreement with the Department of State, that prior to signing a sub award, including a consultant or contractor agreement, the recipient must submit vetting information to the Office of Risk Analysis Management (RAM) and receive written notification of that sub-recipient’s, consultant, or contractors’ eligibility. Condition and Context: Per review of the Organization’s subcontractor and consulting agreements, we were not provided sufficient evidence that the organization completed the vetting process for 2 of the 7 tested. Effect: Federal funds could be expended to contractors that may not use the funds appropriately. In addition, the Organization could unknowingly fund an enemy of the Untied States. Cause: Contracts were signed, and funds were expended to subcontractors without the proper vetting being completed. Recommendation: We recommend not entering into any agreements or releasing funds paid for by federal grants before the completion of the vetting process, as described by the grant agreement. Managements response: Beginning in early 2023, the Organization implemented a new vetting monitoring system and procedure. All contractors and employees submitted for hire by the Program Managers, or the Executive Director, are referred via a Job Proposal automated task document approval to the Managing Director. The Managing Director is the agreed-upon point of contact with the federal agency to determine if the proposed new hire needs to be vetted based on the criteria set by the federal agency. If the Managing Director deems necessary that the hire needs to be vetted, a vetting task and confirmation of receipt are sent by the system to the Operations Associate. The Operations Associate oversees maintaining the RAM system and submitting new vetting requests. Once the vetting has been approved or declined, the Operations Associate enters the information into U4I’s relational database, and only at this point can the hiring process move forward, provided RAM approves the vetting. The new system has automated alarm notifications and emails monthly reports based on the “date of last vetting,” calculating the “date of new vetting” automatically for a list of over 85 employees and contractors. Case 1 - In the case of the first vetting issue, there was a staff transition in the Managing Director’s position and the vetting process was not carried out as described above. There was a gap in filling the responsibility attached to this role. Remedy - We have introduced a backup Vetting POC in our vetting process moving forward to prevent this type of occurrence during transitions. If the Managing Director is unavailable, and a confirmation of the vetting task is not received, the Co-Director acting as interim Vetting POC will be asked to assume the role and evaluate the hires and vetting. Case 2 - In the case of the second vetting issue, we could not find any records of evidence in RAM that vetting ever happened, which is an oversight of internal controls. It is possible that the close relationship of many years between the U4I leadership and this company led to overconfidence and a loosening of normal internal controls. It is also possible that since the contractor is a SAM-registered Canadian company also operating in the USA and receiving federal wards, the management considered the vetting procedure unnecessary. We could not consult the individual that was in that vetting POC role at the time as she is no longer working with U4I. Remedy - The FIN/OPS team overseeing the new vetting procedure and added control steps, will make sure that all vendors, contractors and employees, without exclusions and regardless of any subjective levels of mutual trust and regardless the length of existing relationships, are run through the Job Proposal and Vetting Procedure and that the contractual process will be stopped unless there is a RAM record to consider the hire.
Finding 2023-001
CURRENT YEAR FINDINGS 2023-001 Significant deficiency – Procurement of Subcontractors, Significant Deficiency in Internal Controls over Compliance, and Instances of Noncompliance. Criteria: The organization is required by the terms and conditions of the grant agreement with the Department of State, that prior to signing a sub award, including a consultant or contractor agreement, the recipient must submit vetting information to the Office of Risk Analysis Management (RAM) and receive written notification of that sub-recipient’s, consultant, or contractors’ eligibility. Condition and Context: Per review of the Organization’s subcontractor and consulting agreements, we were not provided sufficient evidence that the organization completed the vetting process for 2 of the 7 tested. Effect: Federal funds could be expended to contractors that may not use the funds appropriately. In addition, the Organization could unknowingly fund an enemy of the Untied States. Cause: Contracts were signed, and funds were expended to subcontractors without the proper vetting being completed. Recommendation: We recommend not entering into any agreements or releasing funds paid for by federal grants before the completion of the vetting process, as described by the grant agreement. Managements response: Beginning in early 2023, the Organization implemented a new vetting monitoring system and procedure. All contractors and employees submitted for hire by the Program Managers, or the Executive Director, are referred via a Job Proposal automated task document approval to the Managing Director. The Managing Director is the agreed-upon point of contact with the federal agency to determine if the proposed new hire needs to be vetted based on the criteria set by the federal agency. If the Managing Director deems necessary that the hire needs to be vetted, a vetting task and confirmation of receipt are sent by the system to the Operations Associate. The Operations Associate oversees maintaining the RAM system and submitting new vetting requests. Once the vetting has been approved or declined, the Operations Associate enters the information into U4I’s relational database, and only at this point can the hiring process move forward, provided RAM approves the vetting. The new system has automated alarm notifications and emails monthly reports based on the “date of last vetting,” calculating the “date of new vetting” automatically for a list of over 85 employees and contractors. Case 1 - In the case of the first vetting issue, there was a staff transition in the Managing Director’s position and the vetting process was not carried out as described above. There was a gap in filling the responsibility attached to this role. Remedy - We have introduced a backup Vetting POC in our vetting process moving forward to prevent this type of occurrence during transitions. If the Managing Director is unavailable, and a confirmation of the vetting task is not received, the Co-Director acting as interim Vetting POC will be asked to assume the role and evaluate the hires and vetting. Case 2 - In the case of the second vetting issue, we could not find any records of evidence in RAM that vetting ever happened, which is an oversight of internal controls. It is possible that the close relationship of many years between the U4I leadership and this company led to overconfidence and a loosening of normal internal controls. It is also possible that since the contractor is a SAM-registered Canadian company also operating in the USA and receiving federal wards, the management considered the vetting procedure unnecessary. We could not consult the individual that was in that vetting POC role at the time as she is no longer working with U4I. Remedy - The FIN/OPS team overseeing the new vetting procedure and added control steps, will make sure that all vendors, contractors and employees, without exclusions and regardless of any subjective levels of mutual trust and regardless the length of existing relationships, are run through the Job Proposal and Vetting Procedure and that the contractual process will be stopped unless there is a RAM record to consider the hire.